/wp-content/plugins/wprus
directory, or install the plugin through the WordPress plugins screen directly for all websites to connect togetherWP Remote Users Sync "listens" to changes related to WordPress users, and fires outgoing "actions" to registered remote sites. The registered remote sites with WP Remote Users Sync installed then catch incoming actions and react accordingly. There is no "Master Website": each site is working independently, firing and receiving actions depending on each site's configuration.
Before opening a new issue on Github or contacting the author, please check the following:
https
vs. https
) and the subdomain (www vs. non-www) must be the same across the board. It is also worth checking the home
option in the wp_options
table of the WordPress databases, because in some cases the content of Settings > General > WordPress Address (URL) gets abusively overwritten by plugins or themes.由于这些浏览器默认阻止跨域第三方 cookie 操作,因此需要显式重定向以登录用户并在注销时销毁所有用户会话。使用这种方法,只有第一方 cookie 被操纵。这类似于使用 Google 帐户登录 Youtube。 请注意,使用显式重定向时,登录用户操作需要更长的时间来处理,尤其是在连接了许多远程站点的情况下。
由于用于身份验证的 cookie,登录和注销用户操作需要在浏览器中输出一些代码才能对远程网站产生影响。 What this means in practice is that if your theme or a third-party plugin allows users to login/logout without page reload, WP Remote Users Sync cannot output its code on the page, and without extra change to your website code base, the synchronisation can only happen after the page where the user logged in or logged out is actually reloaded. Please also note that unless "Force Login Redirects & Logout Everywhere" is active, or if "Force Disable Login Redirects & Logout Everywhere" options is active in the "Browser Support" section of the "Miscellaneous" tab, Login and Logout User Actions will not work in browsers preventing cross-domain third-party cookie manipulation when the connected websites are on different domains.
Existing users remain untouched, until an enabled incoming action is received from a remote site. Users existing on one site and not the other will not be synchronised unless the user is actually updated AND both Create and Update actions are enabled on the site where the user does not exist. For existing user databases in need of immediate synchronisation, WP Remote Users Sync provides its own user import/export tool.
多层安全措施可以保护连接站点之间通信的隐私,完整性和真实性:
WP Remote Users Sync needs to communicate with the remote sites to actually synchronise users. This means the impact on performances depends on the response time between the connected websites. Performance degradations are mitigated by the fact that Action Tokens (blocking request) are saved for a period of time, and by the fact that actions are fired ONLY when an operation has been performed on users (not on every page load). Asynchronous actions (Login & Logout by default) are the most costly: the operations themselves are not blocking, but their Action Tokens have to be renewed beforehand each time: true nonces, single-use tokens, are necessary for security reasons when firing actions from the browser. Asynchronous actions are also potentially more susceptible to failure in case of network issues, such as if the page load is interrupted or the enqueued script call failed in the browser ; this is a necessary trade-off as these actions require authentication cookie manipulations. Overall, performances should be marginally impacted. The main takeaway is this:
当创建和更新操作被触发时,角色可以同步,启用角色操作,并匹配传输和接受的角色设置。
Extra user information can be synchronised too out of the box as long as they are stored in the user metadata. For example, it means all the address and profile information in WooCommerce can be synchronised, but not the orders status or subscription status.
Passwords are automatically synchronised as long as the Password action is enabled (outgoing and incoming respectively). Communications are encrypted, signed, token-validated and IP-validated to make the process as secure as possible. Passwords are NEVER communicated or stored in plain text. WP Remote User Sync integrates with any plugin updating passwords provided they do so respecting WordPress standards.
If the incoming Create action is enabled along with the incoming Update action, the user will be synchronised on the remote website upon user update. If other actions for this user are fired before that (Login, Logout, Delete, Password, Metadata), nothing will happen, and an action failure log entry will be recorded if the "Enable Logs" box is checked.
Yes - as long as the websites can reach each other, WP Remote User Sync will work. This means that two websites in localhost (behind virtual hosts, for example) can communicate. However, if one of the websites is on localhost and the other is not, token exchange cannot happen and the websites will not be able to communicate.
WP Remote Users Sync provides its own user import/export tool. With it, administrators can:
More help can be found on the WordPress support forum for general inquiries and on Github for advanced troubleshooting. Help is provided for previously unanswered general enquiries and bug fixes only: feature requests, extra integration or conflict resolution with third-party themes or plugins, and specific setup troubleshooting requests will not be addressed (Website administrators must contact a third-party developer).
uninstall.php
mod_security
false positive when dealing with encrypted cookie stringheader_sent
logicwprus_template_*
hooks ; added wprus_get_admin_template_name
, wprus_get_admin_template_args
, wprus_get_template_name
, wprus_get_template_args
, wprus_locate_template
, wprus_locate_template_paths
and wprus_locate_admin_template
instead.‘); document.close();
issue on Safari browser - use of backticks, better error handling in browser consolewp_safe_remote_post
instead of wp_remote_post
readme.txt
HTTP_USER_AGENT
is set before testing it'wp-includes/pluggable.php'
load orderwprus_fire_action_timeout
filter hookremote_async_action
with async_action
, affecting method names ; action and filter hooks not affected, classes inheriting Wprus_Api_Abstract
need refactor.fire_async_actions
method of Wprus_Api_Abstract
(formerly fire_remote_async_actions
)wprus_action_data
filter hookwait.css
, wait.min.css
, wait.js
, wait.min.js
, wprus-wait.php
wprus-async-processing.php
and wprus-async-processing-script.php
Wprus_Api_Abstract
$key
parameter to wprus_option
filtermain-setting-page.php
to main-settings-page.php
init
action hooks to PHP_INT_MIN - 10
to maximize compatibility with third-party pluginswprus_integration
filter ; add wprus_integration
action instead.wprus_init
action.readme.txt
wprus_before_init_notification_hooks
and wprus_after_init_notification_hooks
action hooksWprus_Crypto
class inclusion (no direct access)wprus_integration
filterJSON_UNESCAPED_UNICODE
flag to support a wider range of characters (Chinese, Greek, etc)Wprus_Api_Abstract
class for developers of custom User Actionswprus_is_authorized_remote
filterplugins/wp-remote-users-sync/languages
wp_redirect()
or wp_safe_redirect()
without calling exit
afterwards do not interfere with asynchronous actions ; exit
should be called after these 2 functions unless there is a documented good reason not to, but some plugins (like Gravity Forms User Registration Add-On) or themes may not follow the WordPress best practices.get_option( 'home' )
instead of home_url
to get the homepage URL to avoid conflicts with plugins (in particular translation plugins) and themes filtering the value.